diff options
| -rw-r--r-- | accounts/__init__.py | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/accounts/__init__.py b/accounts/__init__.py index ae309ff..a75010b 100644 --- a/accounts/__init__.py +++ b/accounts/__init__.py @@ -57,7 +57,7 @@ def template_default_context(): @templated('index.html') def index(): if not g.user: - form = LoginForm(request.form, csrf_enabled=False) + form = LoginForm(request.form) if form.validate_on_submit(): if login_user(form.username.data, form.password.data): flash(u'Erfolgreich eingeloggt', 'success') @@ -74,7 +74,7 @@ def index(): @templated('register.html') @logout_required def register(): - form = RegisterForm(request.form, csrf_enabled=False) + form = RegisterForm(request.form) if form.validate_on_submit(): send_register_confirmation_mail(form.username.data, form.mail.data) @@ -103,7 +103,7 @@ def register_complete(token): flash(u'Du hast den Benutzer bereits angelegt! Du kannst dich jetzt einfach einloggen:') return redirect(url_for('index')) - form = RegisterCompleteForm(request.form, csrf_enabled=False) + form = RegisterCompleteForm(request.form) if form.validate_on_submit(): password = form.password.data @@ -137,7 +137,7 @@ def register_complete(token): @templated('lost_password.html') @logout_required def lost_password(): - form = LostPasswordForm(request.form, csrf_enabled=False) + form = LostPasswordForm(request.form) if form.validate_on_submit(): #TODO: make the link only usable once (e.g include a hash of the old pw) # atm the only thing we do is make the link valid for only little time @@ -165,7 +165,7 @@ def lost_password(): def lost_password_complete(token): username, = http_verify_confirmation('lost_password', token.encode('ascii'), timeout=4*60*60) - form = RegisterCompleteForm(request.form, csrf_enabled=False) + form = RegisterCompleteForm(request.form) if form.validate_on_submit(): user = app.user_backend.get_by_uid(username) user.change_password(form.password.data) |